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Claims 

What is claimed is: 

1 LA method for communication via a data network, between two parties that share a 

2 password, using a Diffie-Hellman type key exchange on a particular group to generate a shared 

3 secret g^, where g is the group generator known to both parties and x is an index known to one party 

4 and y is an index known to the other party, the group having a group operation and an inverse group 

5 operation, the method comprising the steps of: 

6 one party generating a parameter m by performing the group operation on and a function 

7 of at least the password, wherein any portion of a result associated with the function that is outside 

8 the group is randomized, and transmitting m to the other party, whereby the other party may perform 

9 the inverse group operation on m and the function of at least the password, and remove the 

1 0 randomization of any portion of the result associated with the function that is outside the group, to 

1 1 extract and calculate the shared secret g^^. 

1 2. The method of claim 1, wherein the particular group, denoted as G^^, is a sub-group of 

2 a group Z* where p and q are prime numbers such that p equals rq+l for a value r co-prime to q, 

3 and wherein the step of randomizing any portion of a result associated with the function that is 

4 outside the group G^^ is performed by computing a parameter randomly selected from the 

5 group Z* , raising the parameter h to the exponent q and multiplying by the result associated with 

6 the function. 


1 3. The method of claim 1 , wherein the one party is a client and the other party is a server. 

1 4. The method of claim 1, further comprising the step of: 

2 the one party receiving ^ from the other party and generating the shared secret g^^. 
1 5. The method of claim 4, further comprising the step of: 
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2 the one party authenticating the other party by comparing a received value against a function 

3 of at least one of an identifier of the one party, an identifier of the other party, m, the shared 

4 secret, and the password. 

1 6. The method of claim 4, further comprising the step of: 

2 the one party transmitting a function of at least one of an identifier of the one party, an 

3 identifier of the other party, m, g^, the shared secret, and the password, to the other party whereby 

4 the other party may authenticate the one party. 

1 7. The method of claim 4 further comprising the step of: 

2 the one party generating a session key as a function of at least one of an identifier of the one 

3 party, an identifier of the other party, m, g^, the shared secret, and the password. 

1 8. A method for communication via a data network, between two parties that share a 

2 password, using a Diffie-Hellman type key exchange on a particular group to generate a shared 

3 secret g^^, where g is the group generator known to both parties and x is an index known to one party 

4 andj is an index known to the other party, the group having a group operation and an inverse group 

5 operation, the method comprising the steps of: 

6 responsive to the one party generating a parameter m by performing the group operation on 


7 and a function of at least the password, wherein any portion of a result associated with the 

8 function that is outside the group is randomized, and transmitting m to the other party, the other party 

9 performing the inverse group operation on m and the function of at least the password, removing the 

10 randomization of any portion of the result associated with the function that is outside the group, 

1 1 extracting g^, and calculating the shared secret g^. 

1 9. The method of claim 8, wherein the particular group, denoted as G^^, is a sub-group of 

2 a group Z* where p and q are prime numbers such that p equals rq^l for a value r co-prime to q. 
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3 and wherein the step of randomizing any portion of a result associated with the function that is 

4 outside the group G^^ is performed by computing a parameter randomly selected from the 

* > • • 

5 group , raising the parameter h to the exponent q and multiplying W by the result associated with 

6 the function. 

1 10. In accordance with a protocol for communication over a data network between two 

2 parties that share a password, using a Diffie-Hellman type key exchange on a particular group to 

3 generate a shared secret where g is the group generator known to both parties and x is an index 

4 known to one party and j; is an index known to the other party, the group having a group operation 

5 and an inverse group operation, apparatus associated with the one party comprising: 

6 at least one processor operative to: (i) generate a parameter m by performing the group 

7 operation on ^ and a function of at least the password, wherein any portion of a result associated 

8 with the function that is outside the group is randomized; and (ii) transmit m to the other party, 

9 whereby the other party may perform the inverse group operation on m and the function of at least 

1 0 the password, and remove the randomization of any portion of the result associated with the function 

1 1 that is outside the group, to extract and calculate the shared secret g^^. 

1 11. The apparatus of claim 1 0, wherein the particular group, denoted as G^^, is a sub-group 

2 of a group Z* where p and q are prime numbers such that p equals rq-\-\ for a value r co-prime to 

3 q, and wherein the step of randomizing any portion of a result associated with the function that is 

4 outside the group G^^ is performed by computing a parameter A, randomly selected from the 

5 group Z* , raising the parameter h to the exponent q and multiplying ¥ by the result associated with 

6 the function. 

1 12. The apparatus of claim 10, wherein the one party is a chent and the other party is a 

2 server. 
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1 13. The apparatus of claim 10, wherein the at least one processor associated with the one 

2 party is farther operative to receive from the other party and generate the shared secret g^-^. 

1 14. The apparatus of claim 13, wherein the at least one processor associated with the one 

2 party is further operative to authenticate the other party by comparing a received value against a 

3 function of at least one of an identifier of the one party, an identifier of the other party, m, g^, the 

4 shared secret, and the password. 

1 15. The apparatus of claim 13, wherein the at least one processor associated with the one 

2 party is further operative to transmit a function of at least one of an identifier of the one party, an 

3 identifier of the other party, m, g^, the shared secret, and the password, to the other party whereby 

4 the other party may authenticate the one party. 

1 16, The apparatus of claim 13, wherein the at least one processor associated with the one 

2 party is further operative to generate a session key as a function of at least one of an identifier of the 

3 one party, an identifier of the other party, m, g^, the shared secret, and the password. 

1 17. In accordance with a protocol for communication over a data network between two 

2 parties that share a password, using a Diffie-Hellman type key exchange on a particular group to 

3 generate a shared secret g^-^, where g is the group generator known to both parties and x is an index 

4 known to one party and 3; is an index known to the other party, the group having a group operation 

5 and an inverse group operation, apparatus associated with the other party comprising: 

6 at least one processor operative to, in response to the one party generating a parameter m by 

7 performing the group operation on and a function of at least the password, wherein any portion 

8 of a result associated with the function that is outside the group is randomized, and transmitting m 

9 to the other party: (i) perform the inverse group operation on m and the function of at least the 
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1 0 password; (ii) remove the randomization of any portion of the result associated with the function that 

11 is outside the group; (iii) extract g^; and (iv) calculate the shared secret 

1 18. The apparatus of claim 17, wherein the particular group, denoted as G^^, is a sub-group 

2 of a group where p and q are prime numbers such that p equals rq+\ for a value r co-prime to 

3 q, and wherein the step of randomizing any portion of a result associated with the function that is 

4 outside the group G^^ is performed by computing a parameter h, randomly selected from the 

5 group Z* , raising the parameter h to the exponent q and multiplying by the result associated with 

6 the function. 

1 19. An article of manufacture for communication via a data network, between two parties 

2 that share a password, using a Diffie-Hellman type key exchange on a particular group to generate 

3 a shared secret g^, where g is the group generator known to both parties and x is an index known to 

4 one party and y is an index known to the other party, the group having a group operation and an 

5 inverse group operation, the article comprising a machine readable medium containing one or more 

6 programs which when executed implement the steps of: 

7 one party generating a parameter m by performing the group operation on ^ and a function 

8 of at least the password, wherein any portion of a result associated with the function that is outside 

9 the group is randomized, and transmitting m to the other party, whereby the other party may perform 

10 the inverse group operation on m and the function of at least the password, and remove the 

1 1 randomization of any portion of the result associated with the function that is outside the group, to 

12 extract and calculate the shared secret g^^. 

1 20. An article of manufacture for communication via a data network, between two parties 

2 that share a password, using a Diffie-Hellman type key exchange on a particular group to generate 

3 a shared secret g^^, where g is the group generator known to both parties and x is an index known to 

4 one party and y is an index known to the other party, the group having a group operation and an 
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5 inverse group operation, the article comprising a machine readable medium containing one or more 

6 programs which when executed implement the steps of: 

7 responsive to the one party generating a parameter m by performing the group operation on 

8 and a function of at least the password, wherein any portion of a result associated with the 

9 function that is outside the group is randomized, and transmitting m to the other party, the other party 

1 0 performing the inverse group operation on m and the fimction of at least the password, removing the 

1 1 randomization of any portion of the result associated with the function that is outside the group, 

12 extracting g^, and calculating the shared secret g^. 
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